If you choose this role, Rancher automatically adds a service role for use with the cluster.

Custom: Choose from your existing service roles

If you choose this role, Rancher lets you choose from service roles that you've already created within AWS. For more information on creating a custom service role in AWS, see the Amazon documentation.

Click Next: Select VPC and Subnet.

Choose an option for Public IP for Worker Nodes. Your selection for this option determines what options are available for VPC & Subnet.

| Option | Description |
| --- | --- |
| **Yes** | When your cluster nodes are provisioned, they're assigned both a private and a public IP address. |
| **No: Private IPs only** | When your cluster nodes are provisioned, they're assigned only a private IP address. If you choose this option, you must also choose a VPC & Subnet that allow your instances to access the internet. This access is required so that your worker nodes can connect to the Kubernetes control plane. |

Now choose a VPC & Subnet. Follow one of the sets of instructions below based on your selection from the previous step.

If you choose to assign a public IP address to your cluster's worker nodes, you have the option of choosing between a VPC that's automatically generated by Rancher (i.e., Standard: Rancher generated VPC and Subnet), or a VPC that you've already created with AWS (i.e., Custom: Choose from your existing VPC and Subnets). Choose the option that best fits your use case.

Choose a VPC and Subnet option.

| Option | Description |
| --- | --- |
| **Standard: Rancher generated VPC and Subnet** | While provisioning your cluster, Rancher generates a new VPC and Subnet. |
| **Custom: Choose from your existing VPC and Subnets** | While provisioning your cluster, Rancher configures your nodes to use a VPC and Subnet that you've already created in AWS. If you choose this option, complete the remaining steps below. |

1. Make sure **Custom: Choose from your existing VPC and Subnets** is selected.
1. From the drop-down that displays, choose a VPC.
1. Click **Next: Select Subnets**. Then choose one of the **Subnets** that displays.
1. Click **Next: Select Security Group**.

Public IP for Worker Nodes—No: Private IPs only

If you chose this option, you must also choose a VPC & Subnet that allow your instances to access the internet. This access is required so that your worker nodes can connect to the Kubernetes control plane. Follow the steps below.

Tip: When using only private IP addresses, you can provide your nodes internet access by creating a VPC constructed with two subnets, a private set and a public set. The private set should have its route tables configured to point toward a NAT in the public set. For more information on routing traffic from private subnets, please see the official AWS documentation.
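The following script is an added example and is not part of the Rancher documentation or the Rancher project's code. It shows how to check, before you pick a subnet for private-IP-only worker nodes, whether that subnet actually has the egress path the tip describes: a default route to a NAT gateway whose own subnet has a default route to an internet gateway. The data shapes are an assumption modelled on the trimmed-down fields of the AWS EC2 `DescribeRouteTables`, `DescribeSubnets` and `DescribeNatGateways` responses, and the sample VPC, subnet, gateway and route-table IDs are constructed so the check runs offline; in real use you would feed it the output of the corresponding `boto3` `describe_*` calls.

```python
"""Classify subnets of a VPC by their outbound-internet path.

Added example, not Rancher's own code. Record shapes are an assumption that
mirrors a subset of the AWS EC2 DescribeRouteTables / DescribeSubnets /
DescribeNatGateways response fields; the IDs below are constructed.
"""

# Constructed sample VPC: a public subnet (default route to an internet
# gateway), a private subnet routed through a NAT gateway that lives in the
# public subnet, and an isolated subnet that falls back to the main table.
SUBNETS = [
    {"SubnetId": "subnet-public-1", "VpcId": "vpc-example"},
    {"SubnetId": "subnet-private-1", "VpcId": "vpc-example"},
    {"SubnetId": "subnet-isolated-1", "VpcId": "vpc-example"},
]

ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-public-1"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
        ],
    },
    {
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-private-1"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
        ],
    },
    {
        # The VPC's main table: no default route, so unassociated subnets
        # have no way out of the VPC.
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
]

# A NAT gateway record names the subnet it was created in.
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-example", "SubnetId": "subnet-public-1", "State": "available"},
]


def route_table_for(subnet_id, route_tables):
    """Return the table explicitly associated with the subnet, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route that applies to the subnet, or None."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return None
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None


def classify_subnet(subnet_id, route_tables, nat_gateways):
    """'public' (default route via an internet gateway), 'private-nat' (default route via an
    available NAT gateway that itself sits in a public subnet), or 'isolated' (no egress)."""
    route = default_route(subnet_id, route_tables)
    if route is None:
        return "isolated"
    if route.get("GatewayId", "").startswith("igw-"):
        return "public"
    nat_id = route.get("NatGatewayId")
    if nat_id:
        for nat in nat_gateways:
            if nat["NatGatewayId"] != nat_id or nat.get("State") != "available":
                continue
            # The NAT only provides egress if its own subnet reaches an internet gateway;
            # checking that directly (not recursively) also avoids looping on a NAT whose
            # subnet points back at the same NAT.
            nat_route = default_route(nat["SubnetId"], route_tables)
            if nat_route and nat_route.get("GatewayId", "").startswith("igw-"):
                return "private-nat"
    return "isolated"


def subnets_usable_for_private_nodes(subnets, route_tables, nat_gateways):
    """Subnets a 'No: Private IPs only' node pool can use: NAT-backed egress, no public route."""
    return sorted(
        s["SubnetId"]
        for s in subnets
        if classify_subnet(s["SubnetId"], route_tables, nat_gateways) == "private-nat"
    )


if __name__ == "__main__":
    for s in SUBNETS:
        print(s["SubnetId"], classify_subnet(s["SubnetId"], ROUTE_TABLES, NAT_GATEWAYS))
    print("usable for private-IP nodes:", subnets_usable_for_private_nodes(SUBNETS, ROUTE_TABLES, NAT_GATEWAYS))
```

Only `subnet-private-1` is reported as usable: it reaches the internet through the NAT in the public subnet, so nodes placed there can connect to the EKS control plane without carrying a public address. The isolated subnet is rejected because it inherits the main route table, which has no default route at all, and the public subnet is reported separately so you can see that selecting it for a private-IP pool would leave nodes with a route but no address the internet gateway can use.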

1. From the drop-down that displays, choose a VPC.
1. Click **Next: Select Subnets**. Then choose one of the **Subnets** that displays.
1. Click **Next: Select Security Group**.

Choose a Security Group. See the documentation below on how to create one.